[Last Updated: August 29, 2018]
Before we detail the data processed and used we would like to explain the lawful basis for which we do so subject to the EU General Data Protection Regulation (“GDPR”):
(i) Where a Partner registers for any of our Services, we process the contact information in order to perform our contract with him;
(ii) If we have a legitimate interest in processing data, such using online identifiers when you access our website or sending direct marketing emails to our Partners; and
(iii) We will also process your Personal Data where you have provided us with consent to do so.
TapReason acts as a Processor of certain Personal Data, as defined under the GDPR, such as the data processed from end users (i.e., our Partner’s end users) on behalf of our Partner. TapReason is also a Controller of certain Personal Data, such as our Partner’s registration data, or if individuals contact us via our website or email.
1. INFORMATION COLLECTED
Depending on your interaction with us (meaning, if you are just browsing our website, or if you have registered to our Services, etc.), we may collect two types of information from you, as follows:
• Non-Personal Data: non-identifiable information which may be made available or gathered through your use of the Services and Website. To clarify, we are not aware of your identity due to such information (“Non-Personal Data”). The Non-Personal Data which is being collected may include your aggregated usage information and technical information transmitted or automatically collected.
• Personal Data: individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Data”). Personal Data includes either: (i) contact information such as name, phone number, address and email address, etc. (ii) online identifiers such as IP (“Online Identifiers”). Note that we treat Online Identifiers as Personal Data, in accordance with applicable laws (such as the GDPR).
• In the event we combine Personal Data with Non-Personal Data, the combined information will be treated as Personal Data for as long as it remains combined.
Data we collect from Partners and visitors as well as applicable retention policy
|Type of Data||How Do We Use It?||Retention|
|We collect certain technical information, such as: type of browser, type of operating system, language preference, access time and date, type of device, internet service provider, user click stream and actions within the website, etc. (“Technical Information”).||We use this Technical Information for (i) operating, providing, maintaining, protecting, managing our website and Service; (ii) enhancing your experience; and (iii) our legitimate interests of auditing and tracking usage statistics. The Online Identifiers are processed by us or our third parties (i.e., cookies) for analytic purposes.||We retain this data for as long as needed to provide the Service but in no event longer than 24 months. Online Identifiers are retained solely for a period of 30 days.|
|Contact us: We may collect your name and contact information in the event you contact us for support or other inquiries, either through the “contact us” form available on the website or by sending us an email.||We will use this information solely for the purpose of responding to your inquiries and provide you with the support or information you have requested.||We will keep this data for as long as needed to reply to your inquiries.|
|Registration: During the registration flow you provide us with certain information such as your full name, company name, title email address and phone number. During the registration process you will be required to create a user name and password, at which you thereby represent and warrant that you are solely responsible for maintaining the confidentiality of your details and password. Further you represent and warrant that the information provided by you is accurate and complete. You may also sign in with a social network account, such as Google +, that may provide us with access to certain information about you as stored therein (e.g. full name, e-mail and any other information which you made public).||We will use this information for the purpose of performing our contract with you, provide you with the Services you have requested, and designate your account in order to display the applicable information on your account dashboard. We will use your email address solely for direct marketing and communication related to the Service (e.g., invoices, newsletter, etc.).||We retain this data for as long as needed to provide the Service and for as long as our Partner users the account. Once the account is deleted or our partner shall require deletion of Personal Data we will comply without undue delay with such requirement. Notwithstanding the above, some Personal Data, such as invoices, will be kept for 7 years due to tax requirement.|
Data we process as Processors
As our Partner, you will be provided with a dashboard which includes data of your end users, as detailed below, TapReason is a Processor of this data and the Partner is the Controller of this data and we are your processor, therefore, the Data Processor Agreement (“DPA”) [Please add link] governs our relationship and the data below which we process on our Partners behalf.
|Type of Data||How Do We Use It?||Retention|
|Our SDK enables processing statistical information, thus, may include online identifiers and thus, disclosed herein. This data helps us understand trends and customer-needs so that new products and services can be considered and so existing products and services can be tailored to customer desires (“Statistical Information”). Statistical Information is anonymous and aggregated and we will not link Statistical Information to any Personal Data. We may share such Statistical Information with our partners, without restriction, on commercial terms that we can determine in our sole discretion.||We process this data solely on behalf of our Partners, the Controllers, for the purpose of providing our Services to them.||We will process this data for as long as instructed by the Controller or set forth in the applicable DPA.|
2. HOW WE COLLECT INFORMATION
Depending on the nature of your interaction with the Services, TapReason may collect data from you, as follows:
(i) Automatically (i.e., by accessing the site or app in which the SDK, or API, is implemented); or
(ii) Voluntarily provided by you (i.e., in the event you register or contact us).
|Google Analytics||www.google.com/policies/privacy/partners https://tools.google.com/dlpage/gaoptout/|
4. SHARING DATA WITH THIRD PARTIES
We may share your information, including Personal Data, as follows:
• Authorized Disclosures: following you consent we may share your Personal Data.
• Business Partners, Service Providers, Affiliates, and Subcontractors: We may disclose information, including Personal Data, we collect from and/or about you to our trusted affiliates, personnel, licensors, contractors, service providers and subcontractors; and
• Law Enforcement related disclosure: We may be required to share information (including Personal Data) collected with law enforcement agencies or court order requesting or directing us to disclose the identity, behavior or digital content of any user suspected to have engaged in illegal or infringing behavior. We may also share your Personal Data with third parties if we believe in good faith that disclosure is appropriate to protect our rights, property or safety or to protect the rights, property or safety of third parties.
Except as expressly set forth herein, we will not share your Personal Information with third parties without your explicit permission, except when required by law, regulation, subpoena or court order.
5. HOW WE PROTECT INFORMATION
TapReason is committed to protect your data, thus, we have implemented technical, organizational security measures to protect the Personal Data, both during transmission and once we receive it. Further we keep the database password protected with limited access, for more information please review the Amazon security policy https://aws.amazon.com/security/ as well as TapReason Information Security Policy available at: TapReason’s security policy.
6. USER RIGHTS
Individuals have the right to know what information we hold about them and, in some cases, to have such information communicated to them. Individuals may also ask for our confirmation as to whether or not we process their Personal Data. Subject to the limitations in applicable law, individuals may also be entitled to obtain from us the Personal Data they have provided to us in a structured, commonly-used, and machine-readable format, and may have the right to transmit such Personal Data to another party. The principal rights under applicable data protection law in relation to Personal Data are detailed in our user right policy available at: TapReason’s useright . If you wish to exercise any or all of the above rights, download the user right form and send it to us to: [email protected]
9. DATA TRANSFER OUTSIDE OF THE EEA